IE 8 hijack

[DreemWarrior]

OK boys and girls. It seems that I've been jacked. But not really a quality job in my book. I started noticing little quirks in IE 8 (x86) yesterday.Little flickers here and there. As well as the navigation bar having had switched the refresh/stop buttons to the opposite side, "IE" warnings(see screen shots), etc.
So being the super snoop I am, I just HAD to go digging. I'm almost certain I found the culprit, or at least the gen. location anyway.
If you'll notice:
Mysterious VCD in My Computer,(located under appdata), along with MONTHS of what would seem to me RAR files...

But the best part is the browser at what was SUPPOSED to be 'MS Store' (not) * see bottom of screen shot*

Mbam-clean
SAS-random tracking cookies
Avast-clean
Sad part is, I was in the process building a USB 'tool kit' today.
Do these things just SMELL a predator coming and attack or what? lol
Anyway, just wondering if anyone else has seen these symptoms?
Crazy stuff I tell ya...:huh:

 

[Kari]

That Windows Marketplace website seems to be genuine although changed a bit. Here's what they tell:

What is changing on Windows Marketplace?

Windows Marketplace has transitioned from an ecommerce site to a reference site. You will find links to sites such as Microsoft Store, Windows Vista® Compatibility Center, and other destinations with cool and compatible software, hardware and devices that support Microsoft® platforms.

I get the same misshaped MS-logo, but all the links go where they should go, and when you try to buy something from there it takes you to the real thing, an https MS-store.

MagicDISK is part of MagicISO application. When installed, it creates a virtual CD/DVD drive (default K) where you can mount disk images to be used and accessed as if they were CD's / DVD's. Your image shows MagicDISK installed and no disk images mounted to this virtual drive K.

I have no idea what that mysterious LOCA folder can be.

The IE error dialog is a known bug in IE: FIX: Using VB with Modal Form Fails in Internet Explorer

Kari

 

[DreemWarrior]

That Windows Marketplace website seems to be genuine although changed a bit. Here's what they tell:

What is changing on Windows Marketplace?

Windows Marketplace has transitioned from an ecommerce site to a reference site. You will find links to sites such as Microsoft Store, Windows Vista® Compatibility Center, and other destinations with cool and compatible software, hardware and devices that support Microsoft® platforms.

I get the same misshaped MS-logo, but all the links go where they should go, and when you try to buy something from there it takes you to the real thing, an https MS-store.

MagicDISK is part of MagicISO application. When installed, it creates a virtual CD/DVD drive (default K) where you can mount disk images to be used and accessed as if they were CD's / DVD's. Your image shows MagicDISK installed and no disk images mounted to this virtual drive K.

I have no idea what that mysterious LOCA folder can be.

The IE error dialog is a known bug in IE: FIX: Using VB with Modal Form Fails in Internet Explorer

Kari

Hi Kari,
well thats good to know about the MS site at least. And my first time seeing that error bug, so thanks for the heads up. Yeah, the K drive I knew was a VCD, just didnt know where it came from at the time, and I jumped the gun. Well sort of...Since posting this, I started looking deep in my system, and heres what I found:

I had downloaded Slysoft's 'AnyDVD as well as CloneDVD 2, which I ASSUMED was Slysoft as well. Far from the case. Made by Elaborate Bytes, it came packaged together with a program called CloneDrive,(along with a TON of tracking cookies) which has the exact icon as CloneDVD2. It associated itself every .ISO,BIN, Cue, ect and when I uninstalled the program, it deleted all original backup files and left copys with its own extension, which obviouusly are of no use. Thing is, already doing its thing when I found it.It had stopped Taskmgr cold. Luckily I have a little nasty file of my own on flash that killed it long enough to get SAS on it.
But, alls well that ends well.
Thanks
.